Tag: security standards
PCI Council calls point-to-point encryption immature
by Knyaz on Oct.15, 2010, under News
The PCI Security Standards Council (PCI SSC) issued its first guidance document outlining the point-to-point encryption market, warning merchants of the possibility of vendor lock-in and calling current implementations too immature to properly evaluate.
In the PCI encryption document, Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance, the council explains how the latest encryption technologies can simplify the validation process by encrypting cardholder data at the time it enters a payment system and transporting it safely and securely to payment processors, where it is decrypted.
“There are a lot of these so-called end-to-end encryption solutions cropping up all over the place and it could create a lot of confusion among merchants,” said Bob Russo, general manager of the PCI DSS Council. “This is by no means an endorsement of the technology; it’s just an early document to set the stage for more information to come.”
Verizon Report Finds Link Between Data Breaches and Failure to Comply with Payment Card Security Standards
by Knyaz on Oct.05, 2010, under News
While credit card data breaches remain all too common, a new report from Verizon Business shows that following industry security standards can dramatically reduce such incidents.
In a first-of-its-kind “Verizon Payment Card Industry Compliance Report,” the company examines the state of compliance with the Payment Card Industry Data Security Standard (PCI DSS), which was created in 2006 to protect cardholder data and reduce credit card fraud. Company investigators found that breached organizations are 50 percent less likely to be PCI compliant and that only 22 percent of organizations were PCI compliant at the time of their initial examination.